# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.

production: &base
  #
  # 1. GitLab app settings
  # ==========================

  ## GitLab settings
  gitlab:
    ## Web server settings (note: host is the FQDN, do not include http://)
    host: <%= @gitlab_host %>
    port: <%= @gitlab_port %>
    https: <%= @gitlab_https %>

    # Uncommment this line below if your ssh host is different from HTTP/HTTPS one
    # (you'd obviously need to replace ssh.host_example.com with your own host).
    # Otherwise, ssh host will be set to the `host:` value above
    ssh_host: <%= @gitlab_ssh_host %>

    # WARNING: See config/application.rb under "Relative url support" for the list of
    # other files that need to be changed for relative url support
    relative_url_root: <%= @gitlab_relative_url %>

    # Trusted Proxies
    # Customize if you have GitLab behind a reverse proxy which is running on a different machine.
    # Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
    trusted_proxies:
<% @trusted_proxies.each do |proxy| %>
      - <%= proxy %>
<% end %>

    # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
    user: <%= node['gitlab']['user']['username'] %>

    ## Date & Time settings
    time_zone: <%= single_quote(@time_zone) %>

    ## Email settings
    # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
    email_enabled: <%= @gitlab_email_enabled %>
    # Email address used in the "From" field in mails sent by GitLab
    email_from: <%= @gitlab_email_from %>
    email_display_name: <%= @gitlab_email_display_name %>
    email_reply_to: <%= @gitlab_email_reply_to %>

    # Email server smtp settings are in [a separate file](initializers/smtp_settings.rb.sample).

    ## User settings
    default_can_create_group: <%= @gitlab_default_can_create_group %>  # default: true
    username_changing_enabled: <%= @gitlab_username_changing_enabled %> # default: true - User can change her username/namespace
    ## Default theme
    ##   1 - Graphite
    ##   2 - Charcoal
    ##   3 - Green
    ##   4 - Gray
    ##   5 - Violet
    ##   6 - Blue
    default_theme: <%= @gitlab_default_theme %> # default: 2

    ## Automatic issue closing
    # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
    # This happens when the commit is pushed or merged into the default branch of a project.
    # When not specified the default issue_closing_pattern as specified below will be used.
    # Tip: you can test your closing pattern at http://rubular.com
    issue_closing_pattern: <%= single_quote(@gitlab_issue_closing_pattern) %>

    ## Default project features settings
    default_projects_features:
      issues: <%= @gitlab_default_projects_features_issues %>
      merge_requests: <%= @gitlab_default_projects_features_merge_requests %>
      wiki: <%= @gitlab_default_projects_features_wiki %>
      snippets: <%= @gitlab_default_projects_features_snippets %>
      builds: <%= @gitlab_default_projects_features_builds %>
      container_registry: <%= @gitlab_default_projects_features_container_registry %>

    ## Webhook settings
    # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
    webhook_timeout: <%= @webhook_timeout %>

    ## Repository downloads directory
    # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
    # The default is 'tmp/repositories' relative to the root of the Rails app.
    repository_downloads_path: <%= @gitlab_repository_downloads_path %>

  ## Reply by email
  # Allow users to comment on issues and merge requests by replying to notification emails.
  # For documentation on how to set this up, see http://doc.gitlab.com/ce/incoming_email/README.html
  incoming_email:
    enabled: <%= @incoming_email_enabled %>

    # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
    # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
    address: <%= single_quote(@incoming_email_address) %>

    # Email account username
    # With third party providers, this is usually the full email address.
    # With self-hosted email servers, this is usually the user part of the email address.
    user: <%= single_quote(@incoming_email_email) %>
    # Email account password
    password: <%= single_quote(@incoming_email_password) %>

    # IMAP server host
    host: <%= single_quote(@incoming_email_host) %>
    # IMAP server port
    port: <%= @incoming_email_port %>
    # Whether the IMAP server uses SSL
    ssl: <%= @incoming_email_ssl %>
    # Whether the IMAP server uses StartTLS
    start_tls: <%= @incoming_email_start_tls %>

    # The mailbox where incoming mail will end up. Usually "inbox".
    mailbox: <%= single_quote(@incoming_email_mailbox_name) %>

  ## Build Artifacts
  artifacts:
    enabled: <%= @artifacts_enabled %>
    # The location where Build Artifacts are stored (default: shared/artifacts).
    path: <%= @artifacts_path %>

  ## Git LFS
  lfs:
    enabled: <%= @lfs_enabled %>
    # The location where LFS objects are stored (default: shared/lfs-objects).
    storage_path: <%= @lfs_storage_path %>

  ## Container Registry
  registry:
    enabled: <%= @registry_enabled %>
    host: <%= @registry_host %>
    port: <%= @registry_port %>
    api_url: <%= @registry_api_url %> # internal address to the registry, will be used by GitLab to directly communicate with API
    path: <%= @registry_path %>
    key: <%= @registry_key_path %>
    issuer: <%= @registry_issuer %>

  ## GitLab Pages (EE only)
  pages:
    enabled: <%= @pages_enabled %>
    path: <%= @pages_path %>
    host: <%= @pages_host %>
    port: <%= @pages_port %>
    https: <%= @pages_https %>
    external_http: <%= @pages_external_http %>
    external_https: <%= @pages_external_https %>

  ## Elasticsearch (EE only)
  # Enable it if you are going to use elasticsearch instead of
  # regular database search
  elasticsearch:
    enabled: <%= @elasticsearch_enabled %>
    host: <%= @elasticsearch_host %>
    port: <%= @elasticsearch_port %>

  ## Gravatar
  ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
  gravatar:
    # gravatar urls: possible placeholders: %{hash} %{size} %{email}
    plain_url: <%= single_quote(@gravatar_plain_url) %>     # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
    ssl_url:   <%= single_quote(@gravatar_ssl_url) %>    # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon

  ## Auxiliary jobs
  # Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
  # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
  cron_jobs:
    # Flag stuck CI builds as failed
    stuck_ci_builds_worker:
      cron: <%= @stuck_ci_builds_worker_cron %>
    # Remove expired build artifacts
    expire_build_artifacts_worker:
      cron: <%= @expire_build_artifacts_worker_cron %>
    # Periodically run 'git fsck' on all repositories. If started more than
    # once per hour you will have concurrent 'git fsck' jobs.
    repository_check_worker:
      cron: <%= @repository_check_worker_cron %>
    # Send admin emails once a week
    admin_email_worker:
      cron: <%= @admin_email_worker_cron %>

    # Remove outdated repository archives
    repository_archive_cache_worker:
      cron: <%= @repository_archive_cache_worker_cron %>

    ##
    # GitLab EE only jobs:

    # Snapshot active users statistics
    historical_data_worker:
      cron: <%= @historical_data_worker_cron %>

    # Update mirrored repositories
    update_all_mirrors_worker:
      cron: <%= @update_all_mirrors_worker_cron %>

    # Update remote mirrors
    update_all_remote_mirrors_worker:
      cron: <%= @update_all_remote_mirrors_worker_cron %>

    # In addition to refreshing users when they log in,
    # periodically refresh LDAP users membership.
    # NOTE: This will only take effect if LDAP is enabled
    ldap_sync_worker:
      cron: <%= @ldap_sync_worker_cron %>

    # Gitlab Geo nodes notification worker
    # NOTE: This will only take effect if Geo is enabled
    geo_bulk_notify_worker:
      cron: <%= @geo_bulk_notify_worker_cron %>

  #
  # 2. GitLab CI settings
  # ==========================

  gitlab_ci:
    # Default project notifications settings:
    #
    # Send emails only on broken builds (default: true)
    all_broken_builds: <%= @gitlab_ci_all_broken_builds %>
    #
    # Add pusher to recipients list (default: false)
    add_pusher: <%= @gitlab_ci_add_pusher || @gitlab_ci_add_committer %>

    # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
    builds_path: <%= @builds_directory %>

  #
  # 3. Auth settings
  # ==========================

  ## LDAP settings
  # You can inspect a sample of the LDAP users with login access by running:
  #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
  ldap:
    enabled: <%= @ldap_enabled %>
    sync_time: <%= @ldap_sync_time %>
  <% if @ldap_servers.any? %>
    servers:
    <% @ldap_servers.each do |provider_id, settings| %>
      <%= provider_id %>: <%= settings.to_json %>
    <% end %>
  <% else %>
    host: <%= single_quote(@ldap_host) %>
    port: <%= @ldap_port %>
    uid: <%= single_quote(@ldap_uid) %>
    method: <%= single_quote(@ldap_method) %> # "tls" or "ssl" or "plain"
    bind_dn: <%= single_quote(@ldap_bind_dn) %>
    password: <%= single_quote(@ldap_password) %>
    active_directory: <%= @ldap_active_directory %>
    allow_username_or_email_login: <%= @ldap_allow_username_or_email_login %>
    base: <%= single_quote(@ldap_base) %>
    user_filter: <%= single_quote(@ldap_user_filter) %>

    ## EE only
    group_base: <%= single_quote(@ldap_group_base) %>
    admin_group: <%= single_quote(@ldap_admin_group) %>
    sync_ssh_keys: <%= single_quote(@ldap_sync_ssh_keys) %>
    sync_time: <%= @ldap_sync_time %>
  <% end %>

  ## Kerberos settings
  kerberos:
    # Allow the HTTP Negotiate authentication method for Git clients
    enabled: <%= @kerberos_enabled %>

    # Kerberos 5 keytab file. The keytab file must be readable by the GitLab user,
    # and should be different from other keytabs in the system.
    # (default: use default keytab from Krb5 config)
    keytab: <%= @kerberos_keytab %>

    # The Kerberos service name to be used by GitLab.
    # (default: accept any service name in keytab file)
    service_principal_name: <%= @kerberos_service_principal_name %>

    # Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
    # To support both Basic and Negotiate methods with older versions of Git, configure
    # nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines
    # to dedicate this port to Kerberos authentication. (default: false)
    use_dedicated_port: <%= @kerberos_use_dedicated_port %>
    port: <%= @kerberos_port %>
    https: <%= @kerberos_https %>


  ## OmniAuth settings
  omniauth:
    # Allow login via Twitter, Google, etc. using OmniAuth providers
    enabled: <%= @omniauth_enabled %>

    # Uncomment this to automatically sign in with a specific omniauth provider's without
    # showing GitLab's sign-in page (default: show the GitLab sign-in page)
    auto_sign_in_with_provider: <%= @omniauth_auto_sign_in_with_provider %>

    # CAUTION!
    # This allows users to login without having a user account first. Define the allowed
    # providers using an array, e.g. ["saml", "twitter"]
    # User accounts will be created automatically when authentication was successful.
    allow_single_sign_on: <%= @omniauth_allow_single_sign_on.to_json %>

    # Locks down those users until they have been cleared by the admin (default: true).
    block_auto_created_users: <%= @omniauth_block_auto_created_users %>
    # Look up new users in LDAP servers. If a match is found (same uid), automatically
    # link the omniauth identity with the LDAP account. (default: false)
    auto_link_ldap_user: <%= @omniauth_auto_link_ldap_user %>

    # Allow users with existing accounts to login and auto link their account via SAML
    # login, without having to do a manual login first and manually add SAML
    # (default: false)
    auto_link_saml_user: <%= @omniauth_auto_link_saml_user.to_json %>

    # Set different Omniauth providers as external so that all users creating accounts
    # via these providers will not be able to have access to internal projects. You
    # will need to use the full name of the provider, like `google_oauth2` for Google.
    # Refer to the examples below for the full names of the supported providers.
    # (default: [])
    external_providers: <%= @omniauth_external_providers.to_json %>

    ## Auth providers
    # Uncomment the following lines and fill in the data of the auth provider you want to use
    # If your favorite auth provider is not listed you can use others:
    # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
    # The 'app_id' and 'app_secret' parameters are always passed as the first two
    # arguments, followed by optional 'args' which can be either a hash or an array.
    # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
    providers:
      # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
      #     app_secret: 'YOUR APP SECRET',
      #     args: { access_type: 'offline', approval_prompt: '' } }
      # - { name: 'twitter', app_id: 'YOUR APP ID',
      #     app_secret: 'YOUR APP SECRET'}
      # - { name: 'github', app_id: 'YOUR APP ID',
      #     app_secret: 'YOUR APP SECRET',
      #     args: { scope: 'user:email' } }
<% @omniauth_providers.each do |provider| %>
      - <%= provider.to_json %>
<% end %>

  # Shared file storage settings
  shared:
    path: <%= @shared_path %>


  #
  # 4. Advanced settings
  # ==========================

  # GitLab Satellites
  # Important: keep the satellites.path setting until GitLab 9.0 at
  # least. This setting is fed to 'rm -rf' in
  # db/migrate/20151023144219_remove_satellites.rb
  satellites:
    # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
    path: <%= @satellites_path %>
    timeout: <%= @satellites_timeout %>

  ## Backup settings
  backup:
    path: "<%= @backup_path %>"   # Relative paths are relative to Rails.root (default: tmp/backups/)
    archive_permissions: <%= @backup_archive_permissions %> # Permissions for the resulting backup.tar file (default: 0600)
    keep_time: <%= @backup_keep_time %>   # default: 0 (forever) (in seconds)
    pg_schema: <%= @backup_pg_schema %>   # default: nil, it means that all schemas will be backed up
    upload:
      # Fog storage connection settings, see http://fog.io/storage/ .
      connection: <%= @backup_upload_connection.to_json if @backup_upload_connection %>
      # The remote 'directory' to store your backups. For S3, this would be the bucket name.
      remote_directory: <%= single_quote(@backup_upload_remote_directory) %>
      multipart_chunk_size: <%= @backup_multipart_chunk_size %>
      encryption: <%= @backup_encryption %>

  ## GitLab Shell settings
  gitlab_shell:
    path: <%= @gitlab_shell_path %>

    # REPOS_PATH MUST NOT BE A SYMLINK!!!
    repos_path: <%= @gitlab_shell_repos_path %>
    hooks_path: <%= @gitlab_shell_hooks_path %>

    # Git over HTTP
    upload_pack: <%= @gitlab_shell_upload_pack %>
    receive_pack: <%= @gitlab_shell_receive_pack %>

    # If you use non-standard ssh port you need to specify it
    ssh_port: <%= @gitlab_shell_ssh_port %>

    # git-annex support (EE only)
    # If this setting is set to true, the same setting in config.yml of
    # gitlab-shell needs to be set to true
    git_annex_enabled: <%= @git_annex_enabled %>

  ## Git settings
  # CAUTION!
  # Use the default values unless you really know what you are doing
  git:
    bin_path: <%= @git_bin_path %>
    # The next value is the maximum memory size grit can use
    # Given in number of bytes per git object (e.g. a commit)
    # This value can be increased if you have very large commits
    max_size: <%= @git_max_size %>
    # Git timeout to read a commit, in seconds
    timeout: <%= @git_timeout %>

  #
  # 5. Extra customization
  # ==========================

  extra:
    <% if @extra_google_analytics_id %>
    ## Google analytics. Uncomment if you want it
    google_analytics_id: <%= single_quote(@extra_google_analytics_id) %>
    <% end %>

    <% if @extra_piwik_url %>
    ## Piwik analytics.
    piwik_url: <%= single_quote(@extra_piwik_url) %>
    piwik_site_id: <%= single_quote(@extra_piwik_site_id) %>
    <% end %>

  rack_attack:
    git_basic_auth: <%= @rack_attack_git_basic_auth.to_json if @rack_attack_git_basic_auth %>


development:
  <<: *base

test:
  <<: *base
  gravatar:
    enabled: true
  gitlab:
    host: localhost
    port: 80

    # When you run tests we clone and setup gitlab-shell
    # In order to setup it correctly you need to specify
    # your system username you use to run GitLab
    # user: YOUR_USERNAME
  satellites:
    path: tmp/tests/gitlab-satellites/
  gitlab_shell:
    path: tmp/tests/gitlab-shell/
    repos_path: tmp/tests/repositories/
    hooks_path: tmp/tests/gitlab-shell/hooks/
  issues_tracker:
    redmine:
      title: "Redmine"
      project_url: "http://redmine/projects/:issues_tracker_id"
      issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
      new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
  ldap:
    enabled: false
    servers:
      main:
        label: ldap
        host: 127.0.0.1
        port: 3890
        uid: 'uid'
        method: 'plain' # "tls" or "ssl" or "plain"
        base: 'dc=example,dc=com'
        user_filter: ''
        group_base: 'ou=groups,dc=example,dc=com'
        admin_group: ''
        sync_ssh_keys: false

staging:
  <<: *base
